IMPROVED CRYPTOGRAPHIC KEY PROCESSING AND STORAGE

Background of the Invention 

This invention relates to systems that use cryptographic keys. 

Security of communications in, for example, computer and 
communication networks can be achieved by encrypting the 
communications using a cryptographic key. Typical applications include 
communications to and from personal computers, mobile telephones, or 
other user equipment. 

It is advantageous for the cryptographic key to be stored and 
maintained within the equipment. In this way, encryption and decryption 
can proceed in a way that is transparent to the user in that the user does 
not have to know the cryptographic key and be required to input it into 
the equipment prior to initiating communications. Rather, encryption and 
decryption can all be done automatically by the equipment. 

Storing and maintaining the cryptographic key in the equipment 
has other advantages, as well. For example, when it is desired to revoke a 
corporate employee's permission to use the corporate communications 
network (such as when the employee leaves the employ of the company) 
all that needs to be done is to retrieve from the employee's possession 
whatever equipment the employee may have been issued in which the 
cryptographic key was stored— a company-supplied network access card, 
for example, or to remove the key from such equipment. Similarly, the 
cryptographic key necessary to decrypt premium cable channel signals 
can be stored in the cable access box, so that discontinuation of the cable 
subscriber's access to such programming is readily achieved by removing 
the box from the subscriber premises. 

A further advantage arises from the fact that in many systems the 
same cryptographic key is used for communications to and from many 
users. Thus if the cryptographic key was not stored in the equipment
but, rather, was in the direct possession of the users, terminating a 
particular user's ability to utilize the network would require that a new 
cryptographic key be issued to all the other users — an inconvenient and 
potentially expensive proposition. Having the cryptographic key within
equipment that can be recovered from an individual user is clearly a more 
advantageous approach in that regard. 

The approach is not foolproof, however. The manner in which the 
cryptographic key is stored in the user's equipment may be such that a 
sufficiently knowledgeable and/or motivated user might be able to learn
what the cryptographic key is. For example, the cryptographic key might
simply be stored in a file on the hard drive of a personal computer. Such
a user would then be in a position to use the cryptographic key in the
future even if the equipment in question was taken away from him. It
might be possible to store the cryptographic key in a less user-accessible
place within the computer, e.g., within a network access card. However,
a device like that is easily removable from the rest of the user's
equipment and is portable. As such, it is easy to make off with, even at a
moment's notice. Moreover, having the cryptographic key stored in such a
user-inaccessible location as the network access card may thwart the
desire of the network operator to be able to readily distribute
cryptographic keys to a multiplicity of users by, for example, loading of
the cryptographic key by a network administrator, and having that
cryptographic key stored on the computer's hard drive.

Advantageously, a more secure approach is to store the
cryptographic key within the user equipment in encrypted form. In order
for the cryptographic key to be usable for communications, then, it would 
first have to be decrypted by the equipment. Thus even if a user is able 
to locate the cryptographic key within the equipment, it does him no good 
because the cryptographic key is encrypted and cannot be used until
decrypted. 

Even this approach has a weakness, however, in that the 
information/algorithm needed to decrypt the cryptographic key must be 
stored somewhere within the user's equipment so that the cryptographic
key can be decrypted when needed. Admittedly, it is more difficult for a
user to have to discover not only the (now encrypted) cryptographic key
but also the key decryption information and to know how to use the latter
to recover the original cryptographic key. However, a sufficiently
knowledgeable and motivated user might be able to do just that. Or the
user might simply be able to monitor internal operations of the
equipment in such a way as to "pick off" the original cryptographic key
once it has been decrypted and is in use within the system.

Summary of the Invention

We have therefore recognized that there is a need to protect against
unauthorized decryption of the encrypted cryptographic key(s).

In accordance with the invention, security of the cryptographic key
is enhanced beyond that provided by arrangements such as those
described above by storing key re-transforming information, for example
the decryption information, in a device, referred to herein as a
"decryption store" which is separate from, i.e. communicates via a
predetermined interface with, the device in which the transformed
cryptographic key, such as the encrypted cryptographic key, is stored.
The latter device is referred to herein as a "cryptographic key store."
The system containing the decryption store and the cryptographic key 
store also contains accessing circuitry that is able to access the encrypted 
cryptographic key from the cryptographic key store. The cryptographic 
key store may be, for example, a disk drive of a computer, the decryption 
store may be, for example, a network access card installed in that
computer, and the accessing circuitry may be, for example, the
computer's controller. Decryption of the encrypted cryptographic key is
carried out in the decryption store, as is the subsequent encryption or
decryption using the decrypted cryptographic key. The accessing
circuitry communicates with the decryption store exclusively via the
interface. The accessing circuitry and decryption store communicate by
transferring information back and forth. However, the interface is such
that the accessing circuitry is unable to access from the decryption store
at least one of: a) at least a portion of the key re-transforming
information, and b) at least a portion of the unencrypted cryptographic
key. Preferably the accessing circuitry is unable to access either of them.

In the above example, then, the encrypted cryptographic key can be
stored relatively insecurely on the computer disk drive — thereby allowing
it to be readily changed — while the security of the cryptographic key itself
is maintained at a very high level because there is no native capability for
the computer to randomly read information from the network access
card. It can only read information from the card via the interface
pursuant to the hardware and software design of the card. Thus absent a
physical disassembly and reverse-engineering of the decryption store, it
will be extraordinarily difficult for someone seeking to know the
cryptographic key to discover the key decrypting algorithm and associated
data or to read the decrypted cryptographic key from the decryption store
during the actual encryption process. Moreover, even if the encrypted
cryptographic key is duplicated and shared with another (unauthorized)
user, it cannot be used without physical possession of the decryption
store device.

Brief Description of the Drawings

Figure 1 illustrates a computer communication system embodying 
the principles of the present invention; 

Figure 2 illustrates the details of the computer used in the system 
of Figure 1;

Figure 3 illustrates the details of a network access card installed in 
the computer of Figures 1 and 2; 

Figure 4 is a flowchart illustrating a key load process of the system 
of Figure 1; 

Figure 5 is a flowchart illustrating aspects of the operation of the
system of Figure 1 when the system transmits information to the
network;

Figure 6 is a flowchart illustrating aspects of the operation of the
system of Figure 1 when the system receives information from the
network; and

Figure 7 illustrates another system embodying the principles of the
present invention; in this embodiment the computer communicates with
a wireless communication system via a mobile terminal.

Detailed Description

Figure 1 illustrates system 100, in accordance with the present 
invention. System 100 communicates over an over-the-air channel 140 
with base station 130 of a computer network. The computer network can 
be any type of computer network, such as a wide area network or a local 
area network (LAN).

More particularly system 100 includes computer 110 that 
communicates with base station 130. As shown in Figure 2, computer 
110 includes display 240, I/O port 250, a controller, such as processor 
230, that controls the operation of the computer, and a memory, such as 
hard disk drive 210, containing memory locations 220_1, 220_2, . . . 220_M,
for storing information, such as software, and data. Computer 110 also
includes buses 260 that connect each of these elements of computer 110
to some or all of the other elements of computer 110. Computer 110 also
contains other elements, not shown, useful in the operation of computer
110. 

Computer 110's I/O port 250 interfaces with network access card 
120's I/O port 350 (shown in Figure 3). The network access card should
be the type of card that can be used to access the particular type of
network with which system 100 wishes to communicate. For example,
when the network is a LAN the network access card can be a WAVELAN
Gold PC card, or an ORINOCO Gold PC card, both currently
manufactured by Lucent Technologies.

As can be seen in Figure 1, network access card 120 is inserted into
slot 150 of computer 110 and forms part of system 100. Computer 110
uses network access card 120 to communicate with base station 130. To
this end, as shown in Figure 3, network access card 120 includes a
transmitter 310 for transmitting information to base station 130, and
receiver 320 for receiving information from base station 130. Network
access card 120 also includes memory 340, for storing information such
as software and data, and a controller, such as processor 330, that
controls the operation of network access card 120. Network access card
120 may also include other elements, not shown, useful in the operation
of network access card 120. Each of the elements in network access card
120 is coupled to some or all of its other elements via buses 360.

Security of communications in the computer network is achieved by 
encrypting the communications between computer 110 and the network 
using a cryptographic key. As explained above, it is advantageous for the 
cryptographic key to be stored in transformed format, such as for 
example in encrypted form, within computer 110. Illustratively, the
encrypted cryptographic key is stored in memory location 220_M of hard
disk drive 210. Obviously, the encrypted cryptographic key needs to be
decrypted before it is used to encrypt a communication, so the
information and algorithm needed to decrypt the encrypted cryptographic
key, referred to herein as the key re-transforming information, must be
stored somewhere within system 100. As noted above, there is a
problem with most conventional ways of storing the key re-transforming
information within system 100. A sufficiently knowledgeable and
motivated user might be able to discover the encrypted cryptographic key
and the key re-transforming information and to know how to use the
latter to recover the original cryptographic key. Or the user might simply
be able to monitor internal operations of the equipment in such a way as
to "pick off" the original cryptographic key once it has been decrypted and
is in use within the system.

In accordance with the invention, security of the cryptographic key
is enhanced beyond that provided by known arrangements by storing the
key re-transforming information in a device, referred to herein as a
"decryption store" which is separate from the device in which the
encrypted cryptographic key is stored, referred to herein as a
"cryptographic key store." In the present illustrative embodiment of the
invention, the cryptographic key store is hard disk drive 210 of computer
110 and the decryption store is network access card 120. System 100
also contains accessing circuitry such as a controller, which in the
present illustrative embodiment is processor 230, that is able to access
the encrypted cryptographic key from hard disk drive 210. Decryption of
the encrypted cryptographic key is carried out in network access card
120, as is the subsequent encryption using the decrypted cryptographic
key. Processor 230 communicates with the decryption store exclusively
via a predetermined interface. The interface is such that processor
230 is unable to access from the decryption store at least one of: a) at 
least a portion of the key re-transforming information, and b) at least a 
portion of the cryptographic key, and preferably, the processor is unable 
to access either of them. The portion of the key re-transforming 
information and the portion of the cryptographic key that is inaccessible 
should be large enough to prevent someone from being able to obtain the 
entire cryptographic key from the encrypted cryptographic key. (In some 
embodiments of the invention the entire cryptographic key may be 
inaccessible and/ or the entire key re-transforming information may be 
inaccessible.) 

Thus, the encrypted cryptographic key can be stored relatively 
insecurely on hard disk drive 210 — thereby allowing it to be readily 
changed— while the security of the cryptographic key itself is maintained 
at a very high level because there is no native capability for computer 110 
to randomly read information from network access card 120. 

Figures 4, 5, and 6 show an illustrative flow of the process of 
aspects of the operation of system 100. The individual boxes in the 
flowcharts of Figures 4, 5, and 6 are described as process steps. 
However, those boxes can be equally understood as representing program 
instructions stored in a memory of system 100 and executed by a 
processor of system 100 to effectuate the respective process steps. 

An illustrative key load process 400 is now described with reference 
to Figures 1, 2, 3 and 4. The cryptographic key is loaded onto network 
access card 120. For example, the cryptographic key can be loaded onto 
the network access card when the card is first manufactured, or a 
network administrator can load the cryptographic key onto the card from 
a disk at a later time. 
The cryptographic key is received by network access card 120, step
420, and sent via bus 360 to processor 330, which then, in step 430,
runs key encrypting module 365 stored in memory 340. Key encrypting
module 365 uses key transforming information, such as a key encrypting
algorithm and a transformation pattern, both stored in memory 340. The
key encrypting algorithm can be any algorithm, such as for example a
"one-way function" (one-way permutation), such as a so-called block
encoder. The block encoder is a non-reversible function, i.e. it does not
allow the decryption of the encrypted cryptographic key without the
transformation pattern. It is advantageous in this environment to avoid
techniques that may make the encrypted cryptographic key susceptible to
being decrypted without knowing the transformation pattern.

Key encrypting module 365 uses this key encrypting algorithm and
the transformation pattern to encrypt the cryptographic key as a function
of the transformation pattern and so produce the encrypted cryptographic
key. Thus, the encrypted cryptographic key is a function of the
transformation pattern. The transformation pattern can be any set of bits
that can be generated or selected in any manner. For increased security
the transformation pattern is preferably a secret transformation pattern,
i.e. it is not known outside of the network access card. For example, the
transformation pattern can be randomly generated by the network access
card. Alternatively, the transformation pattern can be a unique identifier
of network access card 120, i.e. any set of bits unique to network
access card 120. Some examples of such a unique identifier are network
access card 120's serial number or its Medium Access Control (MAC)
address — a unique address assigned to the network access card.
Although, again preferably, the unique identifier is either secret, i.e. it is
not known outside of the network access card, or not easily obtainable.
This transformation pattern, or another transformation pattern
which can be used to decrypt the cryptographic key encrypted with this
transformation pattern, becomes part of the key re-transforming
information, i.e. the information needed to decrypt the now encrypted
cryptographic key. As described above, in addition to the transformation
pattern the key re-transforming information includes the other
information needed to decrypt the encrypted cryptographic key, such as,
for example, a key-decrypting algorithm.

The key transforming and key re-transforming information can be
provided to network access card 120 in any manner. For example, the
information can be built into network access card 120, or loaded onto
network access card 120. The two types of information, transforming and
re-transforming, can be provided to network access card 120 in either the
same or in different manners. Furthermore, portions of each type of key
re-transforming information can be provided to the network access cards
through different means. For example, the key encrypting and key
decrypting algorithms can be loaded onto the network access card when
it is manufactured and the rest of the information can be loaded from a
disk when the network access card is put into operation.

The interface for I/O port 350 is designed so that it does not allow
access to at least a portion of the key re-transforming information on the
network access card, and so that it does not allow access to at least a
portion of the cryptographic key while it is being used by the network
access card. Preferably, the interface is also designed so that it does not
allow access to at least a portion of the key transforming information on
the network access card. Designing the interface in this manner can
include not allowing I/O port 350 to address some or all of memory 340,
buses 360, and processor 330 that respectively store, transport, and
process the cryptographic key and the decryption and key transforming
information. Thus, a user would not be able to monitor internal
operations of network access card 120 in such a way as to "pick off" the
original cryptographic key once it has been decrypted and is in use; nor
would the user be able to discover the encrypted cryptographic key and
the key re-transforming and/or key transforming information and to use
the latter to recover the original cryptographic key.

Garay - Jakobsson - Kristol - Mizikovsky - 7 - 42 - 7 - 29

After the cryptographic key is encrypted, then, in step 440, network 
access card 120's I/O port 350 provides the encrypted cryptographic key 
to computer 110's I/O port 250. I/O port 250 receives the encrypted 
cryptographic key, step 450, and sends it via bus 260 to memory 210 for 
storage, step 460. It is in this way that network access card 120 sends 
the encrypted cryptographic key to memory 210 where the encrypted 
cryptographic key is stored for a period of time. 

The same cryptographic key can be provided to multiple systems, or 
the cryptographic key provided to system 100 may be a unique key. 
Additionally, system 100 may use multiple cryptographic keys, either 
concurrently or interchangeably. Key load process 400 can be used to 
load all or some of the cryptographic keys used by system 100. 
Additionally key load process 400 can be used to load both the initial and 
the replacement cryptographic keys. In the latter case, once the 
replacement cryptographic key is encrypted it can be stored in the same 
memory location as its corresponding previous encrypted cryptographic 
key, in which case the replacement key will override the previous key. 
Alternatively, the replacement key can be stored in a different memory 
location and the previous key is then erased. A different transformation 
pattern can be generated or selected for each distinct cryptographic key, 
i.e. each new cryptographic key and each replacement cryptographic key. 
Alternatively one transformation pattern can be used to encrypt multiple 
cryptographic keys, by for example, generating or selecting one
transformation pattern and storing it on the network access card. 

Once computer 110 has the encrypted cryptographic key in memory 
210, it can communicate with the network. Computer 110 needs to 
communicate with the network when computer 110 needs to transmit
information to the network. The information can be any type of
information, such as data, voice, or control information. Some examples
of the latter include a request to access a file, software, or a network
peripheral. Illustrative aspects of the operation of system 100 when
computer 110 needs to transmit information to the network are now
described with reference to Figures 1, 2, 3 and 5.

Periodically, computer 110 checks if it needs to transmit
information to the network, step 505. If the answer is NO, then the
computer waits and checks again later. If the answer is YES, then, in
step 510, computer 110's processor 230 directs the encrypted
cryptographic key and the information that is to be transmitted via bus
260 to I/O port 250, which in turn provides them to network access card
120's I/O port 350. I/O port 350 receives them, step 515, and sends
them via bus 360 to processor 330, which runs key decrypting module
370 stored in memory 340, step 520. Key decrypting module 370 uses
the key re-transforming information to decrypt the encrypted
cryptographic key and so produce
the cryptographic key. Processor 330 then runs encryption module 380
stored in memory 340, step 525. Encryption module 380 uses the now
decrypted cryptographic key to encrypt the information to produce
encrypted information. In order to enhance the security of the encrypted
information, the encryption module may also introduce an additional
element of variability by, for example, adding the well-known technique of
encrypting the information as a function of a so-called cryptosync or
cryptographic synchronizer. In this technique, a value that is readily
ascertainable by system 100 and the network, for example a so-called
packet number, is used in addition to the cryptographic key to encrypt
one portion, for example, a so-called packet, of the information, such that
each packet is encrypted using the cryptographic key and the value
associated with the packet.

The network access card then transmits the encrypted information 
to base station 130 via transmitter 310, step 530. The network receives 
the encrypted information, via base station 130, and then decrypts and 
processes this information.

The above paragraph describes the operation of the system when 
computer 110 needs to transmit something to the network. Additionally,
computer 110 needs to communicate with the network when the network
transmits information to computer 110. Illustrative aspects of the
operation of system 100 when computer 110 receives information from
the network are now described with reference to Figures 1, 2, 3 and 6.

The network transmits information, via base station 130, to network
access card 120, which receives the information via receiver 320, step
607. Network access card 120 periodically checks if it has received
encrypted information from the network, step 610. If the answer is NO,
then the network access card waits and checks again later. If the answer
is YES, then, in step 615, network access card 120's processor 330 sends
a request through its I/O port 350 requesting the encrypted
cryptographic key. Computer 110's I/O port 250 receives the request,
step 620, which it forwards via bus 260 to processor 230. Processor 230
directs the encrypted cryptographic key to be provided via I/O port 250 to
I/O port 350, step 625. I/O port 350 receives the encrypted cryptographic
key, step 630, and sends it via bus 360 to processor 330. Processor 330
then runs key decrypting module 370, step 630, which uses the key
re-transforming information to decrypt the encrypted cryptographic key.
Thereafter, processor 330 runs decryption module 390 also stored in 
memory 340, step 640. Decryption module 390 uses the now decrypted 
cryptographic key (and any other necessary information such as the 
above-described cryptosync) to decrypt the received information and 
thereby produce decrypted information. The network access card then 
sends the decrypted information via I/O port 350 to computer 110, step 
645. Computer 110's I/O port 250 receives the decrypted information, 
step 650, and sends it via bus 260 to processor 230, where the 
information is processed, step 655. 

Optionally, the security of system 100 can be further increased by 
erasing the unencrypted cryptographic key from the network access card. 
For example, the cryptographic key can be erased from the network 
access card at the completion of each cryptographic operation — an 
encrypting or decrypting operation — where "completion" means that all of 
the information provided to the network access card in steps 515 or 607 
has been either encrypted or decrypted. Alternatively, the cryptographic 
key can be stored in the network access card in such a way that it 
disappears from the network access card when the network access card is
removed from system 100. In the former case network access card 120
would receive the encrypted cryptographic key before each cryptographic
operation; and in the latter case network access card 120 would receive
the encrypted cryptographic key at least before the first cryptographic 
operation after the network access card is inserted into system 100. 

The operation of system 100 has been described above with the 
cryptographic key loaded using key load process 400 where the key is 
encrypted by the network access card using its transformation pattern. 
This process provides the advantages of added security in that 1) only the 
particular network card can decrypt the encrypted cryptographic key and 
2) the particular network card can only decrypt the encrypted
cryptographic keys that were encrypted as a function of its 
transformation pattern. 
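
The key load, transmit and receive flows described above, modelled as an
added Python example (not part of the patent text). The class and function
names are hypothetical, and the HMAC-SHA256 keystream and integrity tag are
stand-ins chosen so the example runs on the standard library alone; they are
not the key encrypting algorithm of the card.

```python
import hashlib
import hmac
import secrets


def _prf_stream(key, label: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a standard-library stand-in for a real cipher."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def packet_crypt(key, packet_no: int, data: bytes) -> bytes:
    """Encrypt or decrypt one packet under the key and the cryptosync (packet number)."""
    return _xor(data, _prf_stream(key, b"pkt" + packet_no.to_bytes(8, "big"), len(data)))


class DecryptionStore:
    """Stands in for network access card 120. Only the public methods model its
    interface; none of them returns the pattern or the clear key. Python attribute
    privacy is a model only: on the card the boundary is what I/O port 350 can address."""

    def __init__(self) -> None:
        # Secret transformation pattern, generated at random inside the card.
        pattern = secrets.token_bytes(32)
        self._enc = hmac.new(pattern, b"wrap-enc", hashlib.sha256).digest()
        self._mac = hmac.new(pattern, b"wrap-mac", hashlib.sha256).digest()

    def load_key(self, key: bytes) -> bytes:
        """Key load process 400: wrap the key and hand back only the wrapped blob."""
        nonce = secrets.token_bytes(16)
        body = nonce + _xor(key, _prf_stream(self._enc, nonce, len(key)))
        # The tag is this example's addition: a foreign or altered blob fails
        # loudly instead of unwrapping to a garbage key.
        return body + hmac.new(self._mac, body, hashlib.sha256).digest()

    def _unwrap(self, blob: bytes) -> bytearray:
        body, tag = blob[:-32], blob[-32:]
        expected = hmac.new(self._mac, body, hashlib.sha256).digest()
        if len(blob) < 49 or not hmac.compare_digest(tag, expected):
            raise ValueError("blob was not wrapped by this card")
        nonce, wrapped = body[:16], body[16:]
        return bytearray(_xor(wrapped, _prf_stream(self._enc, nonce, len(wrapped))))

    def process(self, blob: bytes, packet_no: int, data: bytes) -> bytes:
        """Figures 5 and 6: unwrap, encrypt or decrypt one packet, erase the key."""
        key = self._unwrap(blob)
        try:
            return packet_crypt(key, packet_no, data)
        finally:
            for i in range(len(key)):  # best-effort erase after each operation
                key[i] = 0


def demo() -> dict:
    card_a, card_b = DecryptionStore(), DecryptionStore()
    network_key = secrets.token_bytes(32)                    # constructed sample key
    host_disk = {"wrapped_key": card_a.load_key(network_key)}  # cryptographic key store
    blob, payload = host_disk["wrapped_key"], b"constructed sample payload"

    ct1 = card_a.process(blob, 1, payload)   # transmit path, packet 1
    ct2 = card_a.process(blob, 2, payload)   # same payload, packet 2
    reply = packet_crypt(network_key, 7, b"reply")  # network side encrypts packet 7
    try:
        card_b.process(blob, 1, payload)     # blob copied to a different card
        foreign_ok = True
    except ValueError:
        foreign_ok = False
    return {
        "key_visible_on_disk": network_key in blob,
        "network_reads_packet": packet_crypt(network_key, 1, ct1) == payload,
        "card_reads_reply": card_a.process(blob, 7, reply) == b"reply",
        "cryptosync_varies_output": ct1 != ct2,
        "foreign_card_unwraps": foreign_ok,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The keystream is only safe while a cryptosync value is never reused under the
same key, which is why the packet number feeds every call.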

However, key load process 400 is optional. In alternative 
embodiments of the invention the unencrypted cryptographic key is not 
encrypted in the network access card and then passed to computer 110. 
Rather, the cryptographic key is encrypted elsewhere and the 
cryptographic key in its encrypted form is provided to computer 110, for 
example, by being loaded onto computer 110 from a disk by the network 
administrator. In this case, the key re-transforming information has to 
be provided to the network access card. The key re-transforming 
information can be provided to the network access card in any manner, 
such as, for example, it can be built into or loaded onto network access 
card 120. 

The foregoing is merely illustrative and various alternatives will now 
be discussed. In the illustrative embodiments the encrypted 
cryptographic key is decrypted to produce the cryptographic key. In 
alternative embodiments of the invention any transformation, referred to 
herein as a re-transformation, may be used to transform the encrypted 
cryptographic key to produce the cryptographic key. The
re-transformation may be any process that changes the encrypted
cryptographic key to obtain the cryptographic key. For example the
re-transformation may include any of the following, either alone or in any
combination: decryption, decoding, masking, combining, permuting, and 
rearranging. 

Additionally, any transformation may be used to transform the 
cryptographic key to produce the encrypted cryptographic key. This 
transformation may be any process that changes the cryptographic key 
such as, for example, any, or any combination of: encryption, encoding,
masking, combining, permuting, and rearranging. 

In the illustrative embodiment the cryptographic key is encrypted as 
a function of the transformation pattern, which may be a unique 
identifier of the network access card. In alternative embodiments, the
cryptographic key can be encrypted with an identifier of a different piece
of equipment, such as, for example, an identifier of computer 110.

In other alternative embodiments, rather than encrypt the
cryptographic key with a transformation pattern associated with the
network access card, the cryptographic key can be encrypted with a
general transformation pattern, which is a transformation pattern used
by many, or even all, other systems that communicate with the network.

In the illustrative embodiment the cryptographic key is encrypted as
a function of the transformation pattern. In alternative embodiments the
encrypted cryptographic key can be a function of other information in
addition to the transformation pattern. This other information can be
provided in any known manner, such as, for example, by building it into
network access card 120, loading it onto network access card 120 from a
source other than the network, or downloading it from the network to the
network access card. (In the last case, the download can be made more
secure from unauthorized eavesdropping by using well-known techniques 
such as public key based key exchange or special tunneling.) 

In the illustrative embodiment the cryptographic key is encrypted as 
a function of the transformation pattern. In alternative embodiments, the 
25 cryptographic key can be combined with other information before it is 
encrypted using the transformation pattern to produce the encrypted 
cryptographic key. The cryptographic key can be combined with the 
other information in any manner, for example by concatenating the 
cryptographic key and the other information, or by concatenating the key 
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and the other information and then permuting the result. In such 
embodiments, when the encrypted cryptographic key is decrypted the 
result would be the combination of the cryptographic key and the other 
information. This combination would then be processed to obtain the 
cryptographic key. The other information can be any information that is 
provided to the network access card in any manner. For example, the 
other information may be a set of bits that is randomly generated by the 
network access card. 
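
As an added illustration (not part of the patent text), the following sketch walks through the concatenate-then-permute alternative: the key is combined with random bits, permuted, encrypted under the transformation pattern, and later recovered by decrypting and undoing the combination. The specification names no cipher, so the HMAC-based Feistel network, the byte permutation, the sizes and all function names here are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16   # assumed size of the cryptographic key, in bytes
PAD_LEN = 16   # assumed size of the random "other information"
SIZE = KEY_LEN + PAD_LEN
HALF = SIZE // 2
# Constructed byte permutation (7 is coprime to 32, so this is a bijection).
PERM = [(7 * i + 3) % SIZE for i in range(SIZE)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(pattern: bytes, block: bytes, rounds) -> bytes:
    """Stand-in cipher: Feistel network, HMAC-SHA256 keyed by the pattern."""
    left, right = block[:HALF], block[HALF:]
    for rnd in rounds:
        f = hmac.new(pattern, bytes([rnd]) + right, hashlib.sha256).digest()
        left, right = right, _xor(left, f[:HALF])
    return left + right


def wrap_key(key: bytes, pattern: bytes) -> bytes:
    """Concatenate key and random bits, permute, encrypt under the pattern."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be KEY_LEN bytes")
    other = secrets.token_bytes(PAD_LEN)           # generated on the card
    combined = key + other                         # concatenation
    permuted = bytes(combined[p] for p in PERM)    # permutation
    return _feistel(pattern, permuted, range(4))


def unwrap_key(blob: bytes, pattern: bytes) -> bytes:
    """Decrypt, undo the permutation, and drop the other information."""
    if len(blob) != SIZE:
        raise ValueError("blob must be SIZE bytes")
    # A Feistel network is inverted by swapping halves and reversing rounds.
    swapped = blob[HALF:] + blob[:HALF]
    out = _feistel(pattern, swapped, reversed(range(4)))
    permuted = out[HALF:] + out[:HALF]
    combined = bytearray(SIZE)
    for i, p in enumerate(PERM):
        combined[p] = permuted[i]
    # No integrity check: a wrong pattern yields a wrong key, not an error.
    return bytes(combined[:KEY_LEN])
```

Because fresh random bits enter every wrap, wrapping the same key twice under the same pattern yields different blobs in this example.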

In the examples shown in the illustrative embodiment the 
decryption and key transforming information is built into network access 
card 120, or loaded onto network access card 120 from a source other 
than the network. However, as described above, the decryption and key 
transforming information can be provided to the network access card in 
any manner. For example, there may be some applications where it may 
be advantageous to configure the network access card to accept either or 
both the decryption and key transforming information in a download from 
the network, even though typically this is not as secure as the other 
above described methods of providing the information. (Similarly to the 
above downloads, this download can be made more secure from 
unauthorized eavesdropping by using well-known techniques such as 
public key based key exchange or special tunneling.) 

In the illustrative embodiment, the cryptographic key is loaded onto 
the network access card, either when the card is first manufactured or at 
a later time. However, the cryptographic key can be provided in any 
manner and at any time, such as, for example, the network, of which 
base station 130 is a part, can download the cryptographic key to system 
100 via base station 130. (This download can be made more secure from 
unauthorized eavesdropping in any manner, such as, for example, by 
using such well known techniques as public key based key exchange or 
special tunneling.) 

Additionally, in the cases where the cryptographic key is provided to 
the network access card from a source other than the network, then 
optionally, system 100 may then provide the cryptographic key to the 
network, preferably in a secure transmission. 

The illustrative embodiment is described with I/O port 350 being 
one I/O port. However, one skilled in the art will realize that the I/O port 
can be implemented as multiple I/O ports, in which case the interface is 
designed so that none of the I/O ports allow access to the cryptographic 
key, at least a portion of the key re-transforming information, and, 
optionally, at least a portion of the key transforming information. 
(Similarly, I/O port 250 may also be implemented as multiple I/O ports.) 
Furthermore, the I/O ports can be implemented as separate input and 
output ports. 

In the illustrative embodiment the computer memory that stores the 
encrypted cryptographic key is hard drive 210. However, in alternative 
embodiments the computer memory does not have to include any 
mechanical components typically included in a hard drive. The computer 
memory can be any type of computer memory. 

The illustrative embodiment is described with key encrypting 
module 365, key decrypting module 370, encryption module 380, and 
decryption module 390 implemented as software stored in memory 340. 
However, in alternative embodiments each of these blocks can be 
implemented with some, or all of the modules implemented in hardware. 
In that case each module can be implemented as distinct circuitry, or all 
or some of the modules implemented in one circuit. 

The illustrative embodiment is described with the decryption store 
including key encrypting module 365, key decrypting module 370, 
encryption module 380, and decryption module 390. However, in 
alternative embodiments the decryption store can include fewer than all 
of these modules. For example, the decryption store can include just key 
decrypting module 370 and encryption module 380. 

In the illustrative embodiment, the network access card receives 
and decrypts the encrypted cryptographic key before each cryptographic 
operation, steps 515 and 520, and 615, 630 and 635. However, the 
network access card can receive and decrypt the encrypted cryptographic 
key either periodically, or, as described above in the optional process, the 
network access card can receive and decrypt the encrypted cryptographic 
key at least when the network access card is inserted into the system. 

In the illustrative embodiment the network is a computer network. 
In alternative embodiments of the invention, the network can be any type 
of network, in which case the network access equipment, which in the 
illustrative embodiment was network access card 120, is any network 
access equipment that can access the particular type of network. For 
example, Figure 7 shows one alternative embodiment of system 700 in 
accordance with an illustrative embodiment of the present invention 
where computer 710 communicates over channel 740 with base station 
730 of a wireless communications network. In this case, the network 
access equipment is mobile terminal 720, which computer 710 uses to 
communicate with base station 730. 

In the illustrative embodiments of Figures 1 and 7 the decryption 
store is the network access equipment, i.e. network access card 120 and 
mobile terminal 720, respectively. In alternative embodiments of the 
invention, the decryption store can be any device that is separate from, 
i.e. communicates via an interface with, the device in which the 
cryptographic key is stored and where the interface does not allow access 
to at least one of a) at least a portion of the key re-transforming 
information, and b) at least a portion of the cryptographic key. 
Optionally, the interface also does not allow access to at least a portion of 
the key transforming information. 

In the illustrative embodiments of Figures 1 and 7 the system 
communicates with the network over an over-the-air interface. In 
alternative embodiments, the interface can be any interface. 

In the illustrative embodiment the cryptographic key is used to both 
encrypt the information from the computer to the network and decrypt 
the information from the network to the computer. In alternative 
embodiments one cryptographic key can be used to encrypt the 
information and another cryptographic key can be used to decrypt the 
information, and either or both keys can be transformed using the key 
encryption and key decryption information and either or both keys can be 
stored in accordance with the invention. 

In the illustrative embodiment the entire cryptographic key is 
used to produce the encrypted cryptographic key. In alternative embodiments of the 
invention, only a portion of the cryptographic key is used. (The other 
portion of the cryptographic key may be stored in any manner or 
processed and then stored in any manner.) 

Thus, while the invention has been described with reference to a 
preferred embodiment, it will be understood by those skilled in the art 
having reference to the specification and drawings that various 
modifications and alternatives are possible therein without departing 
from the spirit and scope of the invention. 